Hackers Are Spreading Crypto Mining Malware via Routers
Hackers are coming up with innovative ways to spread crypto mining malware. According to a new report, over 400,000 routers have been infected by cryptojacking malware that specifically targets MikroTik routers. The attack, which was discovered in August, continues to spread. At the time, approximately 200,000 routers were found to have been compromised by hackers. The figures were based on the number of IP addresses that ran the infected crypto-mining script.

Speaking to Hard Fork, researcher VriesHD stated that actual figures could be between 350,000 and 400,000. He also noted that most MikroTik router malware attacks were spread by Internet Service Providers (ISPs) to unsuspecting users. According to VriesHD, the problem could easily be resolved by updating router firmware. However, some routers don’t have this feature enabled. In this case, ISPs could force firmware updates. According to the security researcher, ISPs that have released a patch have been able to overcome the issue. Those that haven’t continue to expose clients to attacks. Most infections are said to have occurred in Brazil.

Just a few days ago, McAfee published another report announcing the discovery of a new hard-to-track crypto mining malware dubbed WebCobra. It compromises legitimate Windows processes and hijacks a system’s resources to mine cryptocurrencies. The malicious program mines crypto by installing the Cryptonight or Claymore’s Zcash miner. The two applications are used to mine Zcash using graphics processing units (GPUs) on compromised computers.

The script first launches a Microsoft installer to determine which miner to install. Cryptonight miner code is injected into x86 machines, while x64 systems get a Claymore’s Zcash miner installation. The only sign that a computer has been compromised is a significant drop in computing performance. Overheating issues may also arise. The threat is most prevalent in Brazil, the United States, and South Africa.